Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.

Quote:

The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.

Warnings appearing to be from the FBI tell the victim: "you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300."

Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.

The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.

This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.

this is why that feature was the 1st thing i turned off when i upgraded my macbook pro/bought my new iMac

Useless Feature IMO, i use a script to start up the programs i need with a single click, and tie that to startup. i prefer clean starts when i restart a program, not a cached copy of the program from earlier

Regarding the extension for Safari, there is a disclaimer associated with it. It turns out, due to Apple, this extension isn't as robust and powerful as those for Chrome or Firefox. but should nontheless help out.

Quote:

*Unlike NoScript, this tool only blocks scripts when they are loaded from an external file or a data URI. What this means is that any scripts that are within the page itself can still run. Usually this is enough to remain safe on the web and block trackers, advertisers, etc. Unfortunately this is a limitation of the Safari extension design, not mine.

This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.

Exactly. That's one of the first things I do when I help someone else with any problem with their Mac. That "feature" should never have been enabled by default. Its one of those "sounds great when you discuss it, but doesn't work in practice" type features.

Wow, at least make it more believable. Pay $300 to unlock browser? Ok, why don't you at least write something along the lines

"There was a new law that passed that allows settlement of these fines at $300. You may pay the $300 settlement fine now or legal action may pursue against you. You will have the right to defend your case in court. blah blah"

At least make the $300 believable. Who falls for this crap, seriously.

Pretty obviously fake, as if the FBI would use phrases like 'child porno photos and etc were found on your computer'. Still I suppose it only takes a very small fraction of people seeing this to pay up to make the criminals a decent amount of cash.

This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.

Honestly, if people really fall for these tricks they should not be anywhere near a computer and they deserve to be ripped off - hopefully they might learn from it. For god's sake the URL alone is enough to make you realise its dodgy. People should NOT be told to keep pressing OK buttons on dialogue boxes as this can introduced more problems. Notice the user in the video did not got to preferences and change the home page, or Hold shift and Start safari either.